Bug 2054661

Summary: RFE: Support measured AMD SEV boot with kernel/initrd/cmdline in OVMF
Product: Red Hat Enterprise Linux 9 Reporter: Gerd Hoffmann <kraxel>
Component: edk2Assignee: Gerd Hoffmann <kraxel>
Status: CLOSED ERRATA QA Contact: zixchen
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: CentOS StreamCC: berrange, bstinson, coli, crobinso, jinzhao, juzhang, jwboyer, kraxel, meili, mrezanin, pbonzini, virt-maint, xuwei
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: edk2-20220126gitbb1bba3d77-3.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-17 12:53:56 UTC Type: Feature Request
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gerd Hoffmann 2022-02-15 12:51:59 UTC 
This bug was initially created as a copy of Bug #1985468

I am copying this bug because: 
keep 8.6 / 9.0 in sync


1. Feature Overview:
 a) Name of feature:
    OVMF: Support measured AMD SEV boot with kernel/initrd/cmdline
 b) Feature Description:
    Work is being done on upstream OVMF to support measured AMD SEV boot with direct kernel boot [1,2,3,4,5].
	
    This is important for IBM since it is required for usecases such as Kata Container-based encrypted VMs, where the content of kernel, initrd and command line is not a secret but must be attested.

2. Feature Details:
 a) Architectures:
    64-bit Intel EM64T/AMD64
 b) Bugzilla Dependencies:
    N/A
 c) Drivers or hardware dependencies:
    AMD Systems with SEV capabilities
 d) Upstream acceptance information:
    This patch has gone through several revisions. It is beeing reviewed by OVMF maintainers and should be merged in the near future.
	
    Once this patch is accepted, the QEMU community is ready to merge the a patchset to generate the information used by OVMF for measured boot. [6,7,8]

 e) External links:
    [1] https://edk2.groups.io/g/devel/message/75567
    [2] https://edk2.groups.io/g/devel/message/77505
    [3] https://edk2.groups.io/g/devel/message/77955
    [4] https://edk2.groups.io/g/devel/message/78075
    [5] https://bugzilla.tianocore.org/show_bug.cgi?id=3457
    [6] https://lore.kernel.org/qemu-devel/20210525065931.1628554-1-dovmurik@linux.ibm.com/
    [7] https://lore.kernel.org/qemu-devel/20210621190553.1763020-1-dovmurik@linux.ibm.com/
    [8] https://lore.kernel.org/qemu-devel/20210624102040.2015280-1-dovmurik@linux.ibm.com/
	
 f) Severity (H,M,L):
    Medium

 g) Feature Needed by:
   RHEL 8.5

3. Business Justification:
   See Comment #1

4. Primary Contact at RedHat:
   Joshua Miller
   jomiller
   919-740-7804

5. Primary Contact at IBM:
   Daniele Buono
   dbuono.com
   845-671-8029
Comment 2 Gerd Hoffmann 2022-02-17 07:47:15 UTC 
https://gitlab.com/redhat/centos-stream/src/edk2/-/merge_requests/10
Comment 3 Yanan Fu 2022-02-24 05:26:40 UTC 
QE bot(pre verify): Set 'Verified:Tested,SanityOnly' as gating/tier1 test pass.
Comment 6 zixchen 2022-02-24 07:20:20 UTC 
Test with edk2-ovmf-20220126gitbb1bba3d77-3.el9.noarch, no issue found.

Version:
edk2-ovmf-20220126gitbb1bba3d77-3.el9.noarch
qemu-kvm-6.2.0-9.el9.x86_64

Steps:
1.Install and boot a SEV-ES guest with kernel/initrd/cmdline:
/usr/libexec/qemu-kvm \
    -S  \
    -name 'avocado-vt-vm1'  \
    -sandbox off  \
    -blockdev node-name=file_ovmf_code,driver=file,filename=/usr/share/edk2/ovmf/OVMF.amdsev.fd,auto-read-only=on,discard=unmap \
    -blockdev node-name=drive_ovmf_code,driver=raw,read-only=on,file=file_ovmf_code \
    -machine q35,memory-backend=mem-machine_mem,usb=off,dump-guest-core=off,pflash0=drive_ovmf_code,confidential-guest-support=lsec0 \
    -device pcie-root-port,id=pcie-root-port-0,multifunction=on,bus=pcie.0,addr=0x1,chassis=1 \
    -device pcie-pci-bridge,id=pcie-pci-bridge-0,addr=0x0,bus=pcie-root-port-0  \
    -nodefaults \
    -device VGA,bus=pcie.0,addr=0x2 \
    -device i6300esb,bus=pcie-pci-bridge-0,addr=0x1 \
    -watchdog-action reset \
    -m 4096 \
    -overcommit mem-lock=off \
    -object memory-backend-ram,size=4096M,id=mem-machine_mem  \
    -smp 16,maxcpus=16,cores=8,threads=1,dies=1,sockets=2  \
    -cpu EPYC-Rome-v2 \
    -device intel-hda,bus=pcie-pci-bridge-0,addr=0x2 \
    -device hda-duplex \
    -chardev socket,server=on,path=/tmp/avocado_3rfztrjr/monitor-qmpmonitor1-20220223-020517-TfyHVYuF,wait=off,id=qmp_id_qmpmonitor1  \
    -mon chardev=qmp_id_qmpmonitor1,mode=control \
    -chardev socket,server=on,path=/tmp/avocado_3rfztrjr/monitor-catch_monitor-20220223-020517-TfyHVYuF,wait=off,id=qmp_id_catch_monitor  \
    -mon chardev=qmp_id_catch_monitor,mode=control \
    -device pvpanic,ioport=0x505,id=idR8W21P \
    -chardev socket,server=on,path=/tmp/avocado_3rfztrjr/serial-serial0-20220223-020517-TfyHVYuF,wait=off,id=chardev_serial0 \
    -device isa-serial,id=serial0,chardev=chardev_serial0 \
    -object rng-random,filename=/dev/random,id=passthrough-NaKR2bm4 \
    -device pcie-root-port,id=pcie-root-port-1,port=0x1,addr=0x1.0x1,bus=pcie.0,chassis=2 \
    -device virtio-rng-pci,id=virtio-rng-pci-pzencDAW,rng=passthrough-NaKR2bm4,bus=pcie-root-port-1,addr=0x0  \
    -chardev socket,id=seabioslog_id_20220223-020517-TfyHVYuF,path=/tmp/avocado_3rfztrjr/seabios-20220223-020517-TfyHVYuF,server=on,wait=off \
    -device isa-debugcon,chardev=seabioslog_id_20220223-020517-TfyHVYuF,iobase=0x402 \
    -device ich9-usb-ehci1,id=usb1,addr=0x1d.0x7,multifunction=on,bus=pcie.0 \
    -device ich9-usb-uhci1,id=usb1.0,multifunction=on,masterbus=usb1.0,addr=0x1d.0x0,firstport=0,bus=pcie.0 \
    -device ich9-usb-uhci2,id=usb1.1,multifunction=on,masterbus=usb1.0,addr=0x1d.0x2,firstport=2,bus=pcie.0 \
    -device ich9-usb-uhci3,id=usb1.2,multifunction=on,masterbus=usb1.0,addr=0x1d.0x4,firstport=4,bus=pcie.0 \
    -device pcie-root-port,id=pcie-root-port-2,port=0x2,addr=0x1.0x2,bus=pcie.0,chassis=3 \
    -device qemu-xhci,id=usb2,bus=pcie-root-port-2,addr=0x0 \
    -device usb-tablet,id=usb-tablet1,bus=usb2.0,port=1 \
    -device pcie-root-port,id=pcie-root-port-3,port=0x3,addr=0x1.0x3,bus=pcie.0,chassis=4 \
    -device virtio-scsi-pci,id=virtio_scsi_pci0,bus=pcie-root-port-3,addr=0x0 \
    -blockdev node-name=file_image1,driver=file,auto-read-only=on,discard=unmap,aio=threads,filename=/home/kvm_autotest_root/images/rhel900-64-virtio-scsi.qcow2,cache.direct=on,cache.no-flush=off \
    -blockdev node-name=drive_image1,driver=qcow2,read-only=off,cache.direct=on,cache.no-flush=off,file=file_image1 \
    -device scsi-hd,id=image1,drive=drive_image1,write-cache=on \
    -device pcie-root-port,id=pcie-root-port-4,port=0x4,addr=0x1.0x4,bus=pcie.0,chassis=5 \
    -device virtio-net-pci,mac=9a:c7:44:50:9f:47,id=idNaFmKp,netdev=idkIZeZI,bus=pcie-root-port-4,addr=0x0  \
    -netdev tap,id=idkIZeZI,vhost=on \
    -blockdev node-name=file_cd1,driver=file,auto-read-only=on,discard=unmap,aio=threads,filename=/home/kvm_autotest_root/iso/linux/RHEL*-x86_64-dvd1.iso,cache.direct=on,cache.no-flush=off \
    -blockdev node-name=drive_cd1,driver=raw,read-only=on,cache.direct=on,cache.no-flush=off,file=file_cd1 \
-device scsi-cd,id=cd1,drive=drive_cd1,write-cache=on \
    -blockdev node-name=file_unattended,driver=file,auto-read-only=on,discard=unmap,aio=threads,filename=/home/kvm_autotest_root/images/rhel900-64/ks.iso,cache.direct=on,cache.no-flush=off \
    -blockdev node-name=drive_unattended,driver=raw,read-only=on,cache.direct=on,cache.no-flush=off,file=file_unattended \
    -device scsi-cd,id=unattended,drive=drive_unattended,write-cache=on  \
    -kernel '/home/kvm_autotest_root/images/vmlinuz'  \
    -append 'inst.sshd inst.repo=cdrom inst.ks=cdrom:/ks.cfg nicdelay=60 net.ifnames=0 biosdevname=0 console=ttyS0,115200'  \
    -initrd '/home/kvm_autotest_root/images/initrd.img'  \
    -vnc :0  \
    -rtc base=utc,clock=host,driftfix=slew  \
    -boot menu=off,order=cdn,once=d,strict=off  \
    -no-shutdown \
    -no-hpet \
    -enable-kvm \
    -monitor stdio \
    -object sev-guest,id=lsec0,cbitpos=47,reduced-phys-bits=1,policy=7,kernel-hashes=on \
    -device pcie-root-port,id=pcie-root-port-5,port=0x5,addr=0x1.0x5,bus=pcie.0,chassis=6 \
    -device virtio-balloon-pci,id=balloon0,bus=pcie-root-port-5,addr=0x0 \
    -device pcie-root-port,id=pcie_extra_root_port_0,multifunction=on,bus=pcie.0,addr=0x3,chassis=7

2. login in guest, check dmesg
# dmesg| grep -i sev
[    0.232868] AMD Memory Encryption Features active: SEV SEV-ES


Result:
Guest boots successfully and sev-es enabled.
Comment 8 errata-xmlrpc 2022-05-17 12:53:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: edk2), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2415